Elliptic Curve Cryptography

Hi team,


I want to implement ECC in our iOS application. Could you please confirm whether it is available in CommonCrypto, or could be achieved using CommonCrypto or any other security framework?


There are some APIs available in OpenSSL, but as per CommonCrypto's documentation, OpenSSL is not stable and is getting updated quite soon.


Thanks

Ankit

Replies

What do you mean by “implement ECC in our iOS application”? iOS supports EC cryptography in general, but there are places where that support is not complete (I’m actually struggling to think of an example of this because recent releases have fleshed out the EC support). If you explain how you plan to use EC keys, I should be able to give you more concrete details.

Could you please confirm whether it is available in CommonCrypto, or could be achieved using CommonCrypto or any other security framework?

Just FYI, this isn’t in CommonCrypto. Asymmetric key cryptography is supported by the Security framework itself.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi,


You can look into GMEllipticCurveCrypto. I want to know if we have similar APIs for ECC implementation in the Security framework.


I am currently working on the development of JOSE security (JWE/JWA/JWT), and in that, instead of using RSA encryption for JWE, we need to use ECC cryptography.

You can look into GMEllipticCurveCrypto. I want to know if we have similar APIs for ECC implementation in the Security framework.

AFAICT that library supports two features:

  • signature signing and verification (A)

  • shared secret generation (B)

You can definitely do A using the Security framework; check out this thread, which discusses that in the context of Touch ID.

I don’t think you can do B using the Security framework or CommonCrypto. IIRC the APIs necessary to do DH are part of CommonCrypto, but aren’t public )-:

As always, if iOS APIs aren’t available to do things that you need to do, you should file an enhancement request describing your requirements.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

ECDH really only requires a few things:


1. generating an ephemeral keypair, which you can do with `SecKeyGeneratePair()`


2. send the public key to the other party, which means you need to

(a) get the data of the key which requires a stupid round-trip via Keychain using `SecItemCopyMatching()`

(b) conform the key to the other end's requirements. In most cases of BLE devices etc. they will use a format where you just want the x & y points on the curve - the data you get from `SecItemCopyMatching()` has an extra 0x04 byte at the start (which I think is in an RFC somewhere - it defines the format?) that you will probably need to strip off. In most web service cases they will want an ASN.1 formatted key and there is excellent info on that from Quinn in this forum thread: https://forums.developer.apple.com/thread/8030 and there are also excellent code examples in https://github.com/DigitalLeaves/CryptoExportImportManager


3. generate the shared secret - as far as I can see the Security Framework doesn't expose a function to do this. `CCECCryptorComputeSharedSecret()` is in CommonCrypto but it is not a public function. You probably need to roll your own. It's all standardised stuff, and hopefully the primitives are all in Security.framework - in any case there are plenty of C libraries to do it, we can probably pull the code out of CommonCrypto ourselves if we have to.


4. encrypt a small piece of data to exchange to verify you both have the right key. This is the variable g that RFC-5114 specifies a few versions of - the spec of your api/device should say what the value of g is supposed to be. https://tools.ietf.org/html/rfc5114#section-3 Again there doesn't seem to be a canned way of either getting a standard g value, or doing this all in one step, but the steps are not too hard.


I'm currently replacing a custom C library with the Security framework and it really would be useful if 3 & 4 had a simple interface. ECDH is something that everyone should be doing a lot more of - if it were a simple matter of calling 3 or 4 functions in the right sequence and exchanging data, then I think a lot more people would use it (correctly).


I should probably raise a radar - but Quinn or anyone else, please correct me if I'm missing any simple functions in the framework for 3 & 4.

I should probably raise a radar …

Lots of this stuff has changed with the new unified SecKey APIs we added in iOS 10 (and macOS 10.12). For example, you no longer need to round trip via the keychain to get the public key bits of a generated key (yay for SecKeyCopyExternalRepresentation). I recommend you dig into the new API before going further.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I am using the new API SecKeyCopyExternalRepresentation in iOS 10.0. I want to share the public key with my server (Java based server).


The flow would be:

  1. The server will encrypt the sharedSecret using the public key I have shared.

     Question: Which algorithm should the server use to encrypt the sharedSecret using my public key?

  2. At the client side, once I have encrypted(sharedSecret), I will decrypt using the Secure Enclave SecKeyCreateDecryptedData API.

     Will the Secure Enclave be able to decrypt, since the message is encrypted with the public key and the Secure Enclave has the corresponding private key?

Will the Secure Enclave be able to decrypt, since the message is encrypted with the public key and the Secure Enclave has the corresponding private key?

Yes.

Which algorithm should the server use to encrypt the sharedSecret using my public key?

You can use any of the SecKeyAlgorithm constants listed in <Security/SecKey.h>, subject to the following restrictions:

  • It has to be an encryption algorithm, not a signature algorithm or key exchange algorithm. Thus, you should only consider values containing Encryption.

  • The Secure Enclave only supports EC keys, so you should filter out all the values containing RSA.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I have generated a key pair using the Secure Enclave (EC, 256). I have shared my public key (Pub1) with the server using SecKeyCopyExternalRepresentation.


Now, I want the server to encrypt some data (data1) using this shared public key so I can decrypt the data (data1) and use it in my business.


Some context on server-side ECC:


The server will also have its own EC key pair (Pub2/Pk2). The server will use its private key (Pk2) and the public key received from the iOS application (Pub1) to generate a shared secret (KeyAgreement). The server can then encrypt the data (data1) using this shared secret and a symmetric key algorithm (e.g. AES-GCM) and send it to the iOS application along with the server public key (Pub2).

The server's ECC capabilities support ECDH KeyAgreement only, and not pure asymmetric encryption similar to RSA.


The challenge on iOS, as per the documentation of eciesEncryptionCofactorX963SHA256AESGCM, is that we do not find a way to pass the server public key and decrypt using the SecKeyCreateDecryptedData API.


As per the API doc below:

@constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM

Legacy ECIES encryption or decryption, use kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM in new code.

Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256. AES Key size is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and all-zero 16 byte long IV (initialization vector).


We are struggling to find out:

1) How can we use the server public key (Pub2) to decrypt data (data1) with the above-mentioned API?

2) If #1 above is not possible, what static public key (as mentioned in the API doc) can be used at the server side?

3) As the algorithm on iOS mentions SHA256AESGCM, we understand that some shared secret is derived internally by iOS which is then used for AES-GCM crypto. Please guide us through this internal algorithm.


Please help us understand how the server and iOS application can support this type of encryption and decryption.
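The public-key layout the ECDH-steps post above describes (the leading 0x04 byte from SecKeyCopyExternalRepresentation) and the key derivation the SecKey.h comment spells out, as an added pure-Python reference model rather than Apple's code or anything posted in this thread: it validates an imported peer key, computes the P-256 ECDH secret, and runs the X9.63 SHA-256 KDF with the ephemeral public key as sharedInfo to obtain the 16-byte AES key. The byte-level reading of that comment (Z is the ECDH x-coordinate, sharedInfo is the full 0x04||X||Y ephemeral key) is my assumption to verify against real SecKeyCreateEncryptedData output, and the final AES-GCM step (all-zero 16-byte IV, 16-byte tag, static public key as authenticationData) is left to a library.

```python
import hashlib
# NIST P-256 domain parameters (public constants from FIPS 186-4).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A, B = P - 3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def on_curve(x, y):
    return 0 <= x < P and 0 <= y < P and (y * y - (x ** 3 + A * x + B)) % P == 0

def add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):  # double-and-add; not constant-time, so a reference model only
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def export_x963(pt):  # 0x04 || X || Y: what SecKeyCopyExternalRepresentation returns for an EC public key
    return b"\x04" + pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def import_x963(data):  # parse a peer key and reject anything that is not a point on P-256
    pt = (int.from_bytes(data[1:33], "big"), int.from_bytes(data[33:65], "big"))
    if len(data) != 65 or data[0:1] != b"\x04" or not on_curve(*pt):
        raise ValueError("expected a 65-byte uncompressed point on P-256")
    return pt

def x963_kdf_sha256(z, shared_info, length):
    # ANSI X9.63 KDF: SHA-256(Z || 32-bit big-endian counter || SharedInfo), counter from 1.
    blocks = (hashlib.sha256(z + i.to_bytes(4, "big") + shared_info).digest()
              for i in range(1, -(-length // 32) + 1))
    return b"".join(blocks)[:length]

def ecies_aes_key(priv_scalar, peer_pub_x963, ephemeral_pub_x963):
    # Assumed reading of the SecKey.h comment: Z = ECDH x-coordinate (cofactor is 1 on P-256),
    # sharedInfo = ephemeral public key bytes, 16-byte AES key for a 256-bit curve.
    z = mul(priv_scalar, import_x963(peer_pub_x963))[0].to_bytes(32, "big")
    return x963_kdf_sha256(z, ephemeral_pub_x963, 16)
```

The sender derives the key as ecies_aes_key(e, S, E) from its ephemeral scalar e and the device's static key S, the device as ecies_aes_key(s, E, E); the all-zero IV is only acceptable because a fresh ephemeral key gives a fresh AES key per message, so check that the server side never reuses one.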

Please help us understand how the server and iOS application can support this type of encryption and decryption.

I’m sorry but this is beyond what I can help you with in the context of DevForums. I recommend that you open a DTS tech support incident and get official support from DTS’s security expert.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi Malkan, Eskimo


Did you finally get a solution around this issue? I have the exact same problem, where I need to use the decrypt API with the server's public key. But it looks like Apple is using a random AES key instead of the server key.


If you can share the resolution, it would be of great help.


Thanks

Vikrant